Security notifications - Add SAST and secret rule types

.generator/schemas/v2/openapi.yaml

@@ -57465,7 +57465,8 @@ components:
         Signal-based notification rules can filter signals based on rule types application_security, log_detection,
         workload_security, signal_correlation, cloud_configuration and infrastructure_configuration.
         Vulnerability-based notification rules can filter vulnerabilities based on rule types application_code_vulnerability,
-        application_library_vulnerability, attack_path, container_image_vulnerability, identity_risk, misconfiguration, api_security, host_vulnerability and iac_misconfiguration.
+        application_library_vulnerability, attack_path, container_image_vulnerability, identity_risk, misconfiguration,
+        api_security, host_vulnerability, iac_misconfiguration, sast_vulnerability and secret_vulnerability.
       enum:
         - application_security
         - log_detection
@@ -57482,6 +57483,8 @@ components:
         - api_security
         - host_vulnerability
         - iac_misconfiguration
+        - sast_vulnerability
+        - secret_vulnerability
       type: string
       x-enum-varnames:
         - APPLICATION_SECURITY
@@ -57499,6 +57502,8 @@ components:
         - API_SECURITY
         - HOST_VULNERABILITY
         - IAC_MISCONFIGURATION
+        - SAST_VULNERABILITY
+        - SECRET_VULNERABILITY
     RuleUser:
       description: User creating or modifying a rule.
       properties:

cassettes/features/v2/security_monitoring/Create-a-new-vulnerability-based-notification-rule-with-sast-and-secret-rule-types-returns-Successfully-created-the-notification-rule-response.frozen

@@ -0,0 +1 @@
+2026-04-16T13:47:18.057Z

examples/v2/security-monitoring/CreateVulnerabilityNotificationRule_2417112739.rb

@@ -0,0 +1,31 @@
+# Create a new vulnerability-based notification rule with sast and secret rule types returns "Successfully created the
+# notification rule." response
+
+require "datadog_api_client"
+api_instance = DatadogAPIClient::V2::SecurityMonitoringAPI.new
+
+body = DatadogAPIClient::V2::CreateNotificationRuleParameters.new({
+  data: DatadogAPIClient::V2::CreateNotificationRuleParametersData.new({
+    attributes: DatadogAPIClient::V2::CreateNotificationRuleParametersDataAttributes.new({
+      enabled: true,
+      name: "Example-Security-Monitoring",
+      selectors: DatadogAPIClient::V2::Selectors.new({
+        query: "(source:production_service OR env:prod)",
+        rule_types: [
+          DatadogAPIClient::V2::RuleTypesItems::SAST_VULNERABILITY,
+          DatadogAPIClient::V2::RuleTypesItems::SECRET_VULNERABILITY,
+        ],
+        severities: [
+          DatadogAPIClient::V2::RuleSeverity::CRITICAL,
+        ],
+        trigger_source: DatadogAPIClient::V2::TriggerSource::SECURITY_FINDINGS,
+      }),
+      targets: [
+        "@john.doe@email.com",
+      ],
+      time_aggregation: 86400,
+    }),
+    type: DatadogAPIClient::V2::NotificationRulesType::NOTIFICATION_RULES,
+  }),
+})
+p api_instance.create_vulnerability_notification_rule(body)

features/v2/security_monitoring.feature

@@ -591,6 +591,13 @@ Feature: Security Monitoring
     When the request is sent
     Then the response status is 201 Successfully created the notification rule.
 
+  @team:DataDog/cloud-security-posture-management
+  Scenario: Create a new vulnerability-based notification rule with sast and secret rule types returns "Successfully created the notification rule." response
+    Given new "CreateVulnerabilityNotificationRule" request
+    And body with value {"data": {"attributes": {"enabled": true, "name": "{{ unique }}", "selectors": {"query": "(source:production_service OR env:prod)", "rule_types": ["sast_vulnerability", "secret_vulnerability"], "severities": ["critical"], "trigger_source": "security_findings"}, "targets": ["@john.doe@email.com"], "time_aggregation": 86400}, "type": "notification_rules"}}
+    When the request is sent
+    Then the response status is 201 Successfully created the notification rule.
+
   @team:DataDog/k9-cloud-siem
   Scenario: Create a scheduled detection rule returns "OK" response
     Given new "CreateSecurityMonitoringRule" request

lib/datadog_api_client/v2/models/rule_types_items.rb

@@ -21,7 +21,8 @@ module DatadogAPIClient::V2
   # Signal-based notification rules can filter signals based on rule types application_security, log_detection,
   # workload_security, signal_correlation, cloud_configuration and infrastructure_configuration.
   # Vulnerability-based notification rules can filter vulnerabilities based on rule types application_code_vulnerability,
-  # application_library_vulnerability, attack_path, container_image_vulnerability, identity_risk, misconfiguration, api_security, host_vulnerability and iac_misconfiguration.
+  # application_library_vulnerability, attack_path, container_image_vulnerability, identity_risk, misconfiguration,
+  # api_security, host_vulnerability, iac_misconfiguration, sast_vulnerability and secret_vulnerability.
   class RuleTypesItems
     include BaseEnumModel
 
@@ -40,5 +41,7 @@ class RuleTypesItems
     API_SECURITY = "api_security".freeze
     HOST_VULNERABILITY = "host_vulnerability".freeze
     IAC_MISCONFIGURATION = "iac_misconfiguration".freeze
+    SAST_VULNERABILITY = "sast_vulnerability".freeze
+    SECRET_VULNERABILITY = "secret_vulnerability".freeze
   end
 end